login/post: require user to access

[minimedit.git] / login / post / index.php

diff --git a/login/post/index.php b/login/post/index.php
index c3439a18c9453fbc84333bf837d222d1e24e29fe..747683f08e0d388f1df0f4578bac6a5e6efc24ab 100644 (file)
--- a/login/post/index.php
+++ b/login/post/index.php
@@ -1,5 +1,11 @@
 <?php
-if ($username = @$_REQUEST['login']) {
+if (!$User) {
+       http_response_code(303);
+       $target = urlencode($_SERVER['REQUEST_URI']);
+       header("Location: /login?goto=$target");
+       exit;
+}
+elseif ($User->admin('user') and $username = @$_REQUEST['login']) {
        try {
                $user = new User("profile/$username");
        }
@@ -21,3 +27,8 @@ if ( $password = trim(@file_get_contents("{$user->dir}/.passwd")) ) {
        }
        $Place['pass'] = htmlspecialchars($password) ?: '<em>zelf ingesteld</em>';
 }
+else {
+       $Place['pass'] = '<em>onbekend</em>';
+}
+
+print '<p class="nav right"><a href="javascript:window.print()">Print</a></p>'."\n";